[Spice-devel] [PATCH vd_agent_linux 01/10] vdagentd: Avoid calling chmod
Frediano Ziglio
fziglio at redhat.com
Tue Nov 3 09:57:35 UTC 2020
This entire series has already been reviewed and merged as part of a security
audit from the SUSE security team.
Note that the classifications are Low/Medium.
Distributions should already have patches/packages.
Regards,
Frediano Ziglio
>
> Create the socket with the right permissions using umask.
> This also prevents possible symlink exploitation in case socket
> path is not secure.
>
> Signed-off-by: Frediano Ziglio <freddy77 at gmail.com>
> Acked-by: Uri Lublin <uril at redhat.com>
> ---
> src/vdagentd/vdagentd.c | 12 ++----------
> 1 file changed, 2 insertions(+), 10 deletions(-)
>
> diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
> index dca6980..a2b74bb 100644
> --- a/src/vdagentd/vdagentd.c
> +++ b/src/vdagentd/vdagentd.c
> @@ -1208,7 +1208,9 @@ int main(int argc, char *argv[])
> /* systemd socket activation not enabled, create our own */
> #endif /* WITH_SYSTEMD_SOCKET_ACTIVATION */
> {
> + mode_t mode = umask(0111);
> udscs_server_listen_to_address(server, vdagentd_socket, &err);
> + umask(mode);
> }
>
> if (err) {
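Review bot: The umask(0111) call in the own-socket block has no comment explaining the mask, and a reader has to work out that it is meant to leave the socket at the 0666 mode the removed chmod() used to set; a one-line comment above `mode_t mode = umask(0111);` would make that explicit. umask is also process-wide, so the window between the two umask() calls affects any file created by another thread; if nothing else is running at this point in main(), say so in the comment, otherwise keep the window as narrow as it is here and note the assumption.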
> @@ -1219,16 +1221,6 @@ int main(int argc, char *argv[])
> return 1;
> }
>
> - /* no need to set permissions on a socket that was provided by systemd
> */
> - if (own_socket) {
> - if (chmod(vdagentd_socket, 0666)) {
> - syslog(LOG_CRIT, "Fatal could not change permissions on %s: %m",
> - vdagentd_socket);
> - udscs_destroy_server(server);
> - return 1;
> - }
> - }
> -
> #ifdef WITH_STATIC_UINPUT
> uinput = vdagentd_uinput_create(uinput_device, 1024, 768, NULL, 0,
> debug > 1, uinput_fake);
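Review bot: With the `if (own_socket)` block removed, the visible diff no longer has any reader of own_socket, and the diffstat (2 insertions, 10 deletions) shows its declaration and assignments are not touched. Check whether own_socket is still used elsewhere in vdagentd.c; if this was its only use, drop the variable in the same patch so it does not linger as dead state or trigger an unused-variable warning. The commit message could also mention that the systemd-provided socket path is unaffected, since the removed comment was the only place that said so.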